| Age | Commit message (Collapse) | Author |
|---|
|
entry is attached to this entry.
ok phessler@, bluhm@
|
|
ok bluhm@
|
|
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@
|
|
During s2k15 we fixed this ugly 20+ years loopback hack of having a
rt_ifp different than rt_ifa->ifa_ifp.
ok millert@, bluhm@
|
|
ok millert@, bluhm@
|
|
socket(). Without pledge, all other socket behaviours become permitted,
except this one case: connect/send* only works to *:53. In pledge mode,
a very few are further restricted. Some backwards compatibility for
the dnssocket/dnsconnect calls will remain in the tree temporarily so
that people can build through the transition.
ok tedu guenther semarie
|
|
While here add two missing ``rtableid'' checks in in6_selectsrc().
ok bluhm@
|
|
ifa are refcounted to ensure that rt_ifa is always valid.
|
|
ok mpi@
|
|
SS_DNS tagged socket which has limited functionality (for example, you
cannot accept on them...) The libc resolver will switch to using these,
therefore pledge can identify a DNS transaction better.
ok tedu guenther kettenis beck and others
|
|
all the ports in the range portfirst .. portlast
are in use.
ok millert@, mpi@
|
|
configured addressses.
ok mikeb@
|
|
Note that after calling rtalloc(9) we only check if a route has been
returned or not and do not check for its validity. This cannot be
improved without a massive refactoring.
The kernel currently *do* use !RTF_UP route due to a mismatch between
the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code.
I'd explain the RTF_UP flag as follow:
. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.
This is enough to support MPATH and route cache invalidation.
ok bluhm@
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
The routing table is not an optional component of the network stack
and initializing it inside the "routing domain" requires some ugly
introspection in the domain interface.
This put the rtable* layer at the same level of the if* level. These
two subsystem are organized around the two global data structure used
in the network stack:
- the global &ifnet list, to be used in process context only, and
- the routing table which can be read in interrupt context.
This change makes the rtable_* layer domain-aware and extends the
"struct domain" such that INET, INET6 and MPLS can specify the length
of the binary key used in lookups. This allows us to keep, or move
towards, AF-free route and rtable layers.
While here stop the madness and pass the size of the maximum key length
in *byte* to rn_inithead0().
ok claudio@, mikeb@
|
|
|
|
This gives us userland notification for free and get rid of a
rtrequest1(9) call.
ok phessler@, mikeb@, sthen@
|
|
Tested by <mxb AT alumni DOT chalmers DOT se>.
ok dlg@
|
|
specific places.
ok claudio@, benno@
|
|
in in_pcbbind() and in6_pcbsetport()
ok claudio@, with input from David Hill
|
|
callers rtfree(9) it.
Inputs and ok bluhm@
|
|
needs to see lo0 in the output path.
ok claudio@
|
|
lookup to ensure pf_test() is called with the same interface in the
input annd output path for local traffic.
Fix a regression reported by Heiko Zimmermann on bugs@, thanks!
ok mikeb@, claudio@
|
|
stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
|
Use instead the RTF_LOCAL flag to loop local traffic back to the
corresponding protocol queue.
With this change rt_ifp is now always the same as rt_ifa->ifa_ifp.
ok claudio@
|
|
the protocol queues.
It basically does what looutput() was doing but having a generic
function will allow us to get rid of the loopback hack overwwritting
the rt_ifp field of RTF_LOCAL routes.
ok mikeb@, dlg@, claudio@
|
|
OK mpi@
|
|
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@
|
|
|
|
claudio missed this one cos he was drunk while he was supposed to
be fixing this file.
ok claudio@ mpi@
|
|
The returned "struct rtentry" is either the cached one or the one passed
in options.
ok claudio@
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
the mbuf packet header. If the packet and is later dropped in
ip6_forward(), the TCP mbuf is copied and passed to icmp6_error().
IPv6 uses m_copym() and M_PREPEND() which preserve the packet header.
The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an
incorrect checksum. So reset the csum_flags when packets are
generated by icmp6_reflect() or icmp6_redirect_output().
IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears
the packet header, so the problem does not occur. But setting the
csum_flags explicitly also makes sense for icmp_send(). Do not or
M_ICMP_CSUM_OUT to a value that is 0 because of some function calls
before.
OK mpi@ lteo@
|
|
ok claudio@
|
|
ok claudio@
|
|
|
|
OK mpi@
|
|
ok deraadt@ miod@
|
|
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@
|
|
In all but two calls NULL is passed and in the other 2 cases the ifp
is only used to maybe feed it to in6_selecthlim() to select the hoplimit
for the link. Since in6_embedscope() only works on link-local addresses
it does not matter what hop limit we select since the destination is
directly reachable.
OK florian@ mpi@
|
|
the 3rd argument of in6_recoverscope() and make it return void.
OK dlg@ mikeb@
|
|
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
|
interface.
OK mpi@
|
|
instead of the name so we don't have to if_get/if_put it for just that.
OK dlg@
|
|
ok mikeb@
|
|
ok dlg@, claudio@
|
|
|
|
which is probably not even needed here but who knows for sure.
OK dlg@
|
|
|
|
|
